... | ... |
@@ -738,22 +738,6 @@ int cli_scanpe(cli_ctx *ctx) |
738 | 738 |
return CL_CLEAN; |
739 | 739 |
} |
740 | 740 |
pe_plus = 1; |
741 |
- } else { |
|
742 |
- /* |
|
743 |
- either it's got a PE32_SIGNATURE or |
|
744 |
- we enable win9x compatibility in that we don't honor magic (see bb#119) |
|
745 |
- either way it's a 32bit thingy |
|
746 |
- */ |
|
747 |
- if(EC16(optional_hdr32.Magic) != PE32_SIGNATURE) { |
|
748 |
- if(!ctx->corrupted_input) |
|
749 |
- cli_warnmsg("Incorrect magic number in optional header\n"); |
|
750 |
- if(DETECT_BROKEN_PE) { |
|
751 |
- if(ctx->virname) |
|
752 |
- *ctx->virname = "Heuristics.Broken.Executable"; |
|
753 |
- return CL_VIRUS; |
|
754 |
- } |
|
755 |
- cli_dbgmsg("9x compatibility mode\n"); |
|
756 |
- } |
|
757 | 741 |
} |
758 | 742 |
|
759 | 743 |
if(!pe_plus) { /* PE */ |